firebase realtime database rule for authentication user

0
votes

What rule should I use if I want only authentication user can write the data into firebase and then the authentication user can read the data from other authentication user. For example User A write a data into database, I want User B also can read data from User A.

For example JSON:

{
  "User Information" : {
    "47NiYA7rGNa8nJvlnnxzpxhqvCl2" : {
      "-LYuXT8d5Hzm4Sp_7buK" : {
        "deceasedName" : "You",
        "deceasedRelative" : "Are",
        "noLot" : "34",
        "relativeAddress" : "Main Road",
        "relativeContact" : "0231456789"
      }
    },
    "LV4y2BXnNWWkJix6YwTRJV8LdQs2" : {
      "-LYufF_KMO1o7EULIK8Y" : {
        "deceasedName" : "amir",
        "deceasedRelative" : "loqman",
        "noLot" : "104",
        "relativeAddress" : "aman",
        "relativeContact" : "123456"
      }
    }
  }
}

For table "User Information" there are 2 authentication user which is Uid = "47NiYA7rGNa8nJvlnnxzpxhqvCl2" and Uid = "LV4y2BXnNWWkJix6YwTRJV8LdQs2". So I want each user can retrieve every data in "User Information" table.

This code only allowed user to retrieve their own data:

 databaseReference = FirebaseDatabase.getInstance().getReference("User Information");
    FirebaseUser user = firebaseAuth.getCurrentUser();
    String UserID = user.getUid();
    databaseReference.child(UserID).addListenerForSingleValueEvent(new ValueEventListener() { {
        @Override
        public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
            for (DataSnapshot INFOSnapshot : dataSnapshot.getChildren()){
                UserInformation  userInfo = INFOSnapshot.getValue(UserInformation.class);
                infoList.add(userInfo);
            }
            UserInfoAdapter userInfoAdapter = new UserInfoAdapter(InfoDisplayActivity.this, infoList);
            listViewINFO.setAdapter(userInfoAdapter);
        }

        @Override
        public void onCancelled(@NonNull DatabaseError databaseError) {

        }
    });

I use this firebase rule:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

So do I need to change the firebase rule or change the coding?

1
firebasefirebase-realtime-databasefirebase-security
You've also included a picture of the JSON tree in your question. Please replace that with the actual JSON as text, which you can easily get by clicking the Export JSON link in the overflow menu (⠇) of your Firebase Database console. Having the JSON as text makes it searchable, allows us to easily use it to test with your actual data and use it in our answer and in general is just a Good Thing to do.Frank van Puffelen

1 Answers

1
votes

For the writing part I suggest you change your rules to this:

{
  "rules": {
    ".write": "auth != null",
    "User Information": {
      "$user_id": {
        ".write": "$user_id === auth.uid"
      }
    }
  }
}

With this write rule every user can only write to their own user information but are still able to read everything in the database. For more information about user security I suggest you read the Firebase documentation.

As for reading all the user informations you only need to remove the .child(UserID) part in your code like this:

databaseReference.addListenerForSingleValueEvent(new ValueEventListener() { {